Hi Max,
The policy files already have SecurityPermission
"putProviderProperty.*", PKCS11Test class is quite complex.
PKCS11Test needs to be run without specifying -Djava.secutity.manager.
In PKCS11Test.main(), if args[0] is "sm", then the class enables a
security manager right before actual test cases run (it was done to
avoid granting lots of permissions because PKCS11Tests does some work
before actual test cases run).
http://hg.openjdk.java.net/jdk9/dev/jdk/file/bb8379287f37/test/sun/security/pkcs11/PKCS11Test.java#l156
...
try {
if (enableSM) {
System.setSecurityManager(new SecurityManager());
}
long start = System.currentTimeMillis();
System.out.printf(
"Running test with provider %s (security manager
%s) ...%n",
p.getName(), enableSM ? "enabled" : "disabled");
...
http://hg.openjdk.java.net/jdk9/dev/jdk/file/bb8379287f37/test/sun/security/pkcs11/PKCS11Test.java#l182
...
public static void main(PKCS11Test test, String[] args) throws
Exception {
if (args != null) {
if (args.length > 0 && "sm".equals(args[0])) {
test.enableSM = true;
}
if (test.enableSM) {
System.setProperty("java.security.policy",
(args.length > 1) ? BASE + SEP + args[1]
: DEFAULT_POLICY);
}
}
...
It also overrides "java.security.policy" if a security manager is set.
If there is no args[1] element, it sets it as DEFAULT_POLICY which
doesn't exist for this test. As a result, a wrong policy is used, and
ACE occurs. That's why correct policy file name should be passed in args[1].
Artem
On 04/09/2016 01:46 AM, Wang Weijun wrote:
Hi Amanda,
This is better.
On the other hand, I read the bug report and am not sure if this is the correct way to fix it.
Maybe the ("java.security.SecurityPermission"
"putProviderProperty.SunDeploy-MozillaJSS") permission should be granted? Or maybe this
is a source bug? Artem reported that the problem is only on linux-x86. It's better we get a
consistent behavior across platforms.
Thanks,
Max
On Apr 9, 2016, at 8:20 AM, Amanda Jiang <[email protected]> wrote:
Hi Max,
Thanks for reviewing, you are right, "sm" should be the correct argument.
I updated the test argument and PKCS11Test, please check the new webrev:
http://cr.openjdk.java.net/~amjiang/8153545/webrev.02/
Thanks,
Amanda
On 16/4/8 上午12:28, Wang Weijun wrote:
Hi Amanda
I am not familiar with the tests, but it looks like the 1st args argument should be "sm"
[1] to enable the security manager, not "true".
If PKCS11Test always uses args as command and optional argument(s), maybe you
should throw an exception if the command is unknown.
Thanks
Max
[1]
http://hg.openjdk.java.net/jdk9/dev/jdk/file/cac52c9da800/test/sun/security/pkcs11/PKCS11Test.java#l184
On Apr 8, 2016, at 1:09 PM, Amanda Jiang <[email protected]> wrote:
Hi All,
Please help to review following changeset which fixes test bug for
sun/security/pkcs11/Provider/Login.sh and another similar failed test.
Bug: https://bugs.openjdk.java.net/browse/JDK-8153545
Changest: http://cr.openjdk.java.net/~amjiang/8153545/webrev.01/
Thanks,
Amanda
